Apple had previously announced that they were working on a tool to kill the Flashback malware and, lo and behold, it’s here! Apple released Java for OS X 2012-003 to remove “most common variants of the Flashback malware.”

According to the update notes, the Java web plug-in is also configured to disable the automatic execution of Java applets, which is another way to keep malware like Flashback from spreading. According to Apple, “the update is recommended for all Mac users with Java installed.” For those of you who want to get the update, you can download it directly from Software Update on Mac OS X (coming in at 66.8 MB).

For those of you who didn’t catch the buzz, the Flashback Trojan created a botnet of more than 600,000 Macs around the world and tracked web browsing information, user IDs, and passwords. The malicious software was able to install itself automatically on a user’s computer by exploiting a Java security hole. Flashback was first discovered last year and evolved into its current iteration, which self-installs.

Installing a Java update removes the malware or patches the hole the malware was using?

The update claims to remove it (just read the update's description), but as far as patching goes, from what I can tell, it merely disabled automatic execution (which may not prevent this or other similar malware from being installed if someone happens to allow the execution when prompted, so as always, be careful what you run on your computer.)